We see this from time-to-time across many CNAs. I don't know if this has
happened with Mozilla in the past, and I don't have time to dig into my
notes. But with one of today's Mozilla advisories, they assigned a single
new CVE ID to represent three other distinct issues in third-party code,
that already had CVE IDs. They even go so far as to quote the prior IDs.

If this is not the case, then it certainly is confusing to Mozilla
consumers and CVE stakeholders.

Three vulnerabilities were reported in the Libevent library that allow for
out-of-bounds reads and denial of service (DoS) attacks: CVE-2016-10195,
CVE-2016-10196, and CVE-2016-10197. These were fixed in the Libevent
library and these changes were ported to Mozilla code.